Lucene search

MozillaCVE-2020-6797

HistoryMar 02, 2020 - 5:15 a.m.

CVE-2020-6797

2020-03-0205:15:13

CWE-20

mozilla

web.nvd.nist.gov

239

cve-2020-6797

security vulnerability

mac osx

arbitrary application

fileloc

thunderbird

firefox

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

Low

EPSS

0.001

Percentile

48.3%

JSON

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user’s computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Affected configurations

Nvd

Vulners

Node

applemacosMatch-

AND

mozillafirefoxRange<73.0

mozillafirefox_esrRange<68.5.0

mozillathunderbirdRange<68.5.0

VendorProductVersionCPE
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

CNA Affected

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "68.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "73",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "ESR68.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]